Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Google Chrome Browser Vulnerable to Security Flaw

A security researcher has published proof-of-concept code showing Google Chrome is vulnerable to an attack targeting an old version of WebKit and a Java bug. News of the flaw came Sept. 2, not long after Google officials announced the launch of the Chrome browser's beta program.

WEBINAR:On-Demand

A security researcher has discovered a flaw in the beta version of Google's Chrome browser that can lead to Windows users downloading malicious Java files.

According to the ZDNET security blog, Israeli security researcher Aviv Raff has released proof-of-concept code that targets a vulnerability in an old version of WebKit being used by the Google browser as well as a Java bug. With a little social engineering, users can be tricked into downloading malware onto Windows desktops.

Ironically, the WebKit flaw this targets was patched already by Apple. Raff has created a demonstration for the flaw that will download a Java Archive file onto a user's desktop that gets executed without warning. Once the user double-clicks the download at the bottom of the screen, the application is opened.

Further reading

The demonstration, available here, reportedly opens up a harmless notepad application written in Java.

News of the flaw Sept. 2 came only hours after Google publicly launched the beta for its new browser and stressed security was a main focus. The browser has a number of features designed to protect users, including a private browsing mode known as "Incognito" and the sandboxing of the rendering engine. Google also leverages blacklists to protect users from known rogue sites.

Advertiser Disclosure:
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.